On Friday, August 08, 2003 7:40 PM [GMT+1200=NZT],
DPF wrote:

> On Fri, 8 Aug 2003 18:18:43 +1200, Paul Adshead
> wrote:
>
>> Possible ways that the scam has found out the contact info:
>>
>> - if you knew enough about HTML, ASP and VB, it would be simple enough to write a program that once every five seconds sent a request to the DomaiNZ webserver starting at "a.co.nz" and finishing at "zzzzzzz999.net.nz", to find out the information for the various domains - it would take a while though;
>
> There are rate limiters on the whois to stop or minimise this.

That's lucky, because by my reckoning it would take about 762 million years to go through all the possible (37^10) permutations at one query every 5 seconds (and that's just for .co.nz!). I can't imagine a dictionary "attack" would be much more successful, as many domains aren't dictionary words to begin with, and rate limiting would make that slow as well (you could just query the name in DNS first to see if it is delegated and then get whois data later to bypass that somewhat though).

>> - there is also probably an online listing somewhere, of all of the currently active companies in New Zealand, you could then just try "<company name>.co.nz" and "<company name>.net.nz".

I am not sure if such a list exists, at least not in the public domain. The Companies Office allows you to search for a company, but that would be no more useful than the whois itself (except that it returns multiple results). In any case, I am sure there are examples out there where people are receiving these letters for domains with no relation to any company name. All of which begs the question, where is the list coming from? There must be a leak somewhere.

-Simon